温馨提示×

温馨提示×

您好,登录后才能下订单哦!

密码登录×
登录注册×
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》

squid搭建代理

发布时间:2020-08-11 23:18:07 来源:网络 阅读:1373 作者:dongming89 栏目:网络安全

1.1 目的或背景

万得数据部门需要海外相关数据,但由于GFW的缘故,中国大陆直接访问海外网站会遇到诸多问题,因此需要在香港搭建一台代理服务器,以此解决相关问题。

1.1 部署Squid

1.1.1获取软件

squid的官方站点:http://www.squid-cache.org/

可以下载源代码包,也可以下载RPM包。该文档介绍源代码安装。

1.1.2安装软件

1.       将下载文件拷贝到

hkproxy:/usr/local/src# dir

-rw-r--r--  1 root        root   4828446  7  1 22:14 squid-3.5.20.tar.gz

2.       解压安装包
hkproxy:/usr/local/src #tar zxvf squid-3.5.20.tar.gz

3.       进入到安装包
hkproxy:/usr/local/src # cd squid-3.5.20/

hkproxy:/usr/local/src/squid-3.5.20 #

4.       创建安装squid目录

hkproxy:/usr/local # mkdir squid

5.       添加squid用户

# useradd squid -g squid -s /bin/false

同时设置密码

创建组:

#groupadd squid

6.       ./configure安装

hkproxy:/usr/local/src/squid-3.5.20 #./configure--prefix=/usr/local/squid/ --enable-ssl --enable-underscore --enable-icmp--enable-kill-parent-hack --enable-gnuregex--enable-default-err-language="Simplify_Chinese" --with-large-files--with-default-user=squid --disable-loadable-modules

注:--prefix=/usr/local/squid/Squid的安装目录,缺省值为/usr/local/squid

 --enable-ssl:允许Squid终止SSL/TLS连接,仅对代理模式的加速请求有效;

--enable-underscores:允许主机名里包含下划线,但仍须考虑DNS解析程序可能会禁止主机名里包含下划线。

--enable-icmp:利用ICMP消息来确定回环时间(round-trip time),这类似于ping程序;

--enable-kill-parent-hack: 关掉squid的时候,要不要连同父进程一起关掉。

--enable-gnuregex:使用GNU正则表达式。

--enable-default-err-language=lang:错误消息采用的默认语言,英语是默认值。

--with-large-files: 支持大文件

--with-default-user=squid  指定squid用户

--disable-loadable-modules :禁用加载动态的相关模块或预装的模块。在编译GCC的时候会报错,因此需要禁用该模块。

更多模块可以参考: ./configure –help

hkproxy:/usr/local/src/squid-3.5.20# ./configure --help | more

`configure'configures Squid Web Proxy 3.5.20 to adapt to many kinds of systems.

 

Usage: ./configure[OPTION]... [VAR=VALUE]...

 

To assignenvironment variables (e.g., CC, CFLAGS...), specify them as

VAR=VALUE.  See below for descriptions of some of theuseful variables.

 

Defaultsfor the options are specified in brackets.

 

Configuration:

  -h, --help              display this help and exit

      --help=short        display options specific to thispackage

      --help=recursive    display the short help of all the includedpackages

  -V, --version           display version information and exit

  -q, --quiet, --silent   do not print `checking ...' messages

      --cache-file=FILE   cache test results in FILE [disabled]

  -C, --config-cache      alias for `--cache-file=config.cache'

  -n, --no-create         do not create output files

      --srcdir=DIR        find the sources in DIR [configure diror `..']

 

Installationdirectories:

  --prefix=PREFIX         install architecture-independent filesin PREFIX

                          [/usr/local/squid]

  --exec-prefix=EPREFIX   install architecture-dependent files inEPREFIX

                          [PREFIX]

 

Bydefault, `make install' will install all the files in

`/usr/local/squid/bin',`/usr/local/squid/lib' etc.  You canspecify

aninstallation prefix other than `/usr/local/squid' using `--prefix',

forinstance `--prefix=$HOME'.

 

For bettercontrol, use the options below.

 

Finetuning of the installation directories:

  --bindir=DIR            user executables [EPREFIX/bin]

  --sbindir=DIR           system admin executables[EPREFIX/sbin]

  --libexecdir=DIR        program executables [EPREFIX/libexec]

  --sysconfdir=DIR        read-only single-machine data[PREFIX/etc]

  --sharedstatedir=DIR    modifiable architecture-independent data[PREFIX/com]

  --localstatedir=DIR     modifiable single-machine data[PREFIX/var]

  --runstatedir=DIR       modifiable per-process data[LOCALSTATEDIR/run]

  --libdir=DIR            object code libraries [EPREFIX/lib]

  --includedir=DIR        C header files [PREFIX/include]

  --oldincludedir=DIR     C header files for non-gcc [/usr/include]

  --datarootdir=DIR       read-only arch.-independent data root[PREFIX/share]

  --datadir=DIR           read-only architecture-independentdata [DATAROOTDIR]

  --infodir=DIR           info documentation[DATAROOTDIR/info]

  --localedir=DIR         locale-dependent data[DATAROOTDIR/locale]

  --mandir=DIR            man documentation [DATAROOTDIR/man]

  --docdir=DIR            documentation root[DATAROOTDIR/doc/squid]

  --htmldir=DIR           html documentation [DOCDIR]

  --dvidir=DIR            dvi documentation [DOCDIR]

  --pdfdir=DIR            pdf documentation [DOCDIR]

  --psdir=DIR             ps documentation [DOCDIR]

 

 

7.       如果configure安装报错,我遇到的是没有安装GCC编译器,因此需要安装该插件。

直接suse yast工具安装。

      squid搭建代理                       

8.       Make 编译

hkproxy:/usr/local/src/squid-3.5.20 # make  #大约4分钟

9.       Make install 安装

hkproxy:/usr/local/src/squid-3.5.20 # make install

10.   将安装目录的权限进行调整。

chown -R squid:squid /usr/local/squid/

11.   启动

hkproxy:/usr/local/squid/sbin # ./squid

12.   查看默认侦听端口是否启动,默认是3128,我更改为3129了。

hkproxy:/usr/local/squid/sbin# netstat -an | grep "3129"

tcp        0     0 :::3129                :::*                    LISTEN     

tcp        0     0 10.90.5.33:3129        10.200.1.12:2131       ESTABLISHED

 

1.1.3配置squid

Squid的配置文件squid.conf

#acllocalnet src 10.0.0.0/8    # RFC1918possible internal network

#acllocalnet src 172.16.0.0/12 # RFC1918 possible internal network

#acllocalnet src 192.168.0.0/16        #RFC1918 possible internal network

#acllocalnet src fc00::/7       # RFC 4193local private network range

#acllocalnet src fe80::/10      # RFC 4291link-local (directly plugged) machines

#acllocalnet src 222.66.202.206/32

#acllocalnet src 58.247.3.26/32

acllocalnet src 10.200.1.12/32

acllocalnet src 10.100.4.3/32

acllocalnet src 10.200.0.8/32

acllocalnet src 10.200.6.228/32

acllocalnet src 10.200.4.63/32

aclSSL_ports port 443

aclSafe_ports port 80          # http

aclSafe_ports port 21          # ftp

aclSafe_ports port 443         # https

aclSafe_ports port 70          # gopher

acl Safe_portsport 210         # wais

aclSafe_ports port 1025-65535  #unregistered ports

aclSafe_ports port 280         # http-mgmt

aclSafe_ports port 488         # gss-http

aclSafe_ports port 591         # filemaker

aclSafe_ports port 777         # multilinghttp

acl CONNECT method CONNECT

 

# Squidnormally listens to port 3128

http_port 3129

squid.conf配置文件变更后,通过命令重新加载

hkproxy:/usr/local/squid/etc # /usr/local/squid/sbin/squid –k  reconfigure

其它操作,请参考帮助:
 hkproxy:/usr/local/squid/etc #/usr/local/squid/sbin/squid –k 

hkproxy:/usr/local/squid/etc# /usr/local/squid/sbin/squid -k

/usr/local/squid/sbin/squid:option requires an argument -- 'k'

Usage:squid [-cdhvzCFNRVYX] [-n name] [-s | -l facility] [-f config-file] [-[au]port] [-k signal]

       -a port  Specify HTTP port number (default: 3128).

       -d level Write debugging to stderr also.

       -f file  Use given config-file instead of

                /usr/local/squid/etc/squid.conf

       -h       Print help message.

       -k reconfigure|rotate|shutdown|restart|interrupt|kill|debug|check|parse

                 Parse configuration file, thensend signal to

                 running copy (except -k parse)and exit.

       -n name  Specify service name to use for service operations

                 default is: squid.

       -s | -l facility

                 Enable logging to syslog.

       -u port  Specify ICP port number (default: 3130), disable with 0.

       -v       Print version.

       -z       Create missing swap directories and then exit.

       -C       Do not catch fatal signals.

       -D       OBSOLETE. Scheduled for removal.

       -F       Don't serve any requests until store is rebuilt.

       -N       No daemon mode.

       -R       Do not set REUSEADDR on port.

       -S       Double-check swap duringrebuild.

       -X       Force full debugging.

1.1.1客户端配置代理

 squid搭建代理

                             

 

至此可以浏览google了。。。。

squid搭建代理

1.1.1查看代理的访问记录

hkproxy:/usr/local/squid/var/logs #cat access.log  | more

1468291506.630    183 10.100.4.3 TCP_TUNNEL/200 848 CONNECTwww.google.com:443 - HIER_DIRECT/216.58.203.4 -

1468291506.791    877 10.100.4.3 TCP_TUNNEL/200 1626 CONNECTad.afy11.net:443 - HIER_DIRECT/74.117.199.102 -

1468291506.798 20 10.100.4.3TCP_MISS/200 842 GEThttp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBkrTynxASad- HIER_DIRECT/216.58.199.14 application/ocsp-response

1468291506.824    828 10.100.4.3 TCP_TUNNEL/200 43033 CONNECTfw.adsafeprotected.com:443 - HIER_DIRECT/52.196.221.84 -

1468291506.831    88010.100.4.3 TCP_TUNNEL/200 43033 CONNECT fw.adsafeprotected.com:443 -HIER_DIRECT/52.196.221.84 -


向AI问一下细节

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

AI